Thanks for your advice. I've only worked with OpenVPN, but I'll do some more research on IPSec.
Good thing the hardware that I most like to use for pfSense deployments has an Intel Atom processor that does support AES ( http://ark.intel.com/products/77988/Intel-Atom-Processor-C2758-4M-Cache-2_40-GHz). :) On Wed, Jun 8, 2016 at 8:05 AM, Vick Khera <[email protected]> wrote: > On Wed, Jun 8, 2016 at 6:31 AM, David White <[email protected]> wrote: > > > I didn't think I would have to setup a new server / port for each remote > > office. I thought that, with the SSL/TLS setup, I could have a single > > server and configure it so that clients can see & interact with each > other. > > > > When you configure the OpenVPN server side, you need to specify the remote > IP network. How will you do that for 20 different remote sites with one > server config? > > The IPSec config will be much cleaner, I think, and much lower overhead. > > With either case, make sure you have hardware crypto support (usually that > means AES-NI feature in your CPU) and choose the ciphers that are supported > by it, specifically AES128 (or AES256) with SHA. The clients could probably > get away without the hardware acceleration, but if you are pushing lots of > traffic through the hub then you will need it. > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- David White Founder & CEO 423-693-4234 @developCENTS <https://twitter.com/developcents> https://developcents.com *Develop CENTS* Computing, Equipping, Networking, Training & Supporting for small businesses and nonprofits Providing: Web Hosting, Technical Support & IT Consulting *Signup to our Newsletter at <https://developcents.com/contact>https://developcents.com/contact/ <https://developcents.com/contact/>* _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
